Data Security
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS, often shortened to “PCI”) is a set of data security requirements established by the major card brands (including Visa® and MasterCard®) to protect cardholder account information.
To Whom Does PCI Apply?
All merchants who accept any type of payment card transaction must be compliant with the PCI DSS at all times.
Two Important Steps to PCI Compliance:
- Merchants must maintain compliance by satisfying the 12 PCI DSS requirements at all times.
- Level 1-3 merchants must then validate or prove their compliance by meeting requirements that vary by “PCI level,” which is based on annual card transaction volumes.
PCI levels range from 1 to 4, representing highest to lowest annual transaction volumes.
Please review the "Determining Your PCI Levels" navigation tab above to determine a merchant's PCI level, and the "PCI Level 1-4 Boarding Requirements" tab to ensure your merchants are given the proper expectations when boarding with Bank of America Merchant Services.
PCI Security Standards Council Resources
To learn more about standards for protecting data, visit the Security Standards Council at pcisecuritystandards.org.
Payment Card Industry Resources
- Qualified Security Assessors (QSA)
- Approved Scanning Vendors (ASV)
- Visa Webinars & Bulletins
- Trustwave Webinars & Bulletins
- Updated List of Validated Payment Applications
- Merchant Services PCI Compliance Status
- Visa PIN-Debit Security Information
- MasterCard SDP Revisions for Level 1 and 2 Merchants ISA Program